azure-search-openai-demo
Doesn't this still send the private data to the completion end-point though?
Hi,
How are the private data chunks being sent for completion? If they're sent to the GPT completion end-point then isn't that still exposing the private chunks outside of your organisation?
Would love to understand more details as I am actively looking to use this over highly sensitive data.
Cheers
It does send your prompt data to the completion endpoint, but that does not make it part of the knowledge for the base GPT-* model. It is retained by Microsoft only for 30 days in an encrypted state and only authorized Microsoft Employees can get access to it. You can read more about the policy here. The following paragraph answers your question for this context:
"How is data retained and what Customer controls are available?
Prompts and completions. The prompts and completions data may be temporarily stored by the Azure OpenAI Service in the same region as the resource for up to 30 days. This data is encrypted and is only accessible to authorized Microsoft employees for (1) debugging purposes in the event of a failure, and (2) investigating patterns of abuse and misuse to determine if the service is being used in a manner that violates the applicable product terms.
Note: When a customer is approved for modified abuse monitoring, prompts and completions data are not stored, and thus Microsoft employees have no access to the data."
Thanks for the clarification. "This data is encrypted and is only accessible to authorized Microsoft employees"
How are organisations dealing with highly sensitive information (including the prompts) handling this when using the API? Do they authorise these MS employees as part of the Master Service Agreement or something?
I have a similar question. This page says the data is cached "in the same region as the resource for up to 30 days." Which is the region here? Will the Microsoft Employees verifying this information be covered under the MSA, and for which jurisdiction? How is the region defined if the application is to be hosted in multiple countries because the organization spans Asia/Europe?
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this issue will be closed.
I am closing this issue since this is a general question about Azure OpenAI, not specific to this code. That page has since been updated with additional clarifications, so hopefully that answers more of your questions: https://learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy